WannaCry infected hundreds of thousands of computers worldwide, disrupting businesses and breaching major services — from United Kingdom hospital systems and Russia’s interior ministry to Germany’s rail network and a Spanish telecommunications operator. The virus locked down files and demanded $300 to $600 to restore them.

British IT expert Marcus Hutchins has been branded a hero for slowing down the “WannaCry” global cyberattack.Frank Augstein / AP

Hutchins, who goes by the online alias “MalwareTech” and works for the Los Angeles-based Kryptos Logic, told the Associated Press in May that hundreds of computer experts rushed into battle against the virus.

“I’m definitely not a hero,” he told the AP. “I’m just someone doing my bit to stop botnets.”

Kryptos Logic chief executive Salim Neino told the AP that his employee’s efforts helped stop the virus in its tracks in Europe — before it could wreak havoc in the U.S.

“Marcus … not only saved the United States but also prevented further damage to the rest of the world,” Neino told the AP in May. “Within a few moments, we were able to validate that there was indeed a kill switch. It was a very exciting moment.”

But now federal prosecutors accuse Hutchins of creating and distributing a banking “trojan,” or malware, called Tronos. The virus was designed to harvest and transfer the usernames and passwords linked with banking websites whenever they were entered on an infected computer.

The indictment, filed in a Wisconsin federal court last month, alleges that Hutchins and another defendant, whose name is redacted, engaged in the alleged conduct between July 2014 and July 2015.

Hutchins was arrested in Las Vegas after reportedly attending the Black Hat and Defcon security conferences. His arrest comes after a two-year investigation into the Kronos malware, led by the FBI’s cryber crime unit in Milwaukee.

The news of his arrest marks a dramatic turn for a tech whiz applauded in some media reports as an “accidental hero” for his key role in blunting the WannaCry attack.

That malware acted like a worm, finding security holes in a computer to spread throughout a network and exploiting a vulnerability in Microsoft operating systems, especially those with outdated software. Microsoft said at the time of the attack that it had been pushing out special automatic updates to those older systems in order to block the virus.

Hutchins, for his part, identified the domain name in the virus and purchased the site. That move acted as a “kill switch,” neutralizing the threat.

In separate statements, spokespeople for two British agencies, the National Crime Agency and the National Cyber Security Center, said they were aware of the arrest and referred all inquiries to U.S. authorities.

The Electronic Frontier Foundation, a San Francisco-based digital rights group, said it was “deeply concerned” about Hutchins’ arrest and was attempting to reach him.

Andrew Mabbitt, a British digital security specialist who had been staying in Las Vegas with Hutchins, said he and his friends grew worried when they got “radio silence” from Hutchins for hours. The worries deepened when Hutchins’ mother called to tell him the young researcher hadn’t made his flight home.

Mabbitt said he eventually found Hutchins’ name on a detention center website.

One legal scholar who specializes in studying computer crime said it’s unusual, and problematic, for prosecutors to go after someone simply for writing or selling malware — as opposed to using it to further a crime.

“This is the first case I know of where the government is prosecuting someone for creating or selling malware but not actually using it,” said Orin Kerr, a law professor at George Washington University. Kerr said it will be difficult to prove criminal intent.

“It’s a constant issue in criminal law — the helping of people who are committing a crime,” Kerr said. “When is that itself a crime?”